21 - FTP


telnet 21


nc -n 21

NSE Script

nmap -sV -script banner -p21 -Pn



Anonymous Login

Note: During the port scanning phase Nmap’s script scan (-sC), can be enabled to check for FTP Bounce and Anonymous Login.

Try anonymous login using anonymous:anonymous credentials.


Name ( anonymous
331 Please specify the password.
Password: [anonymous]
230 Login successful.

List all files in order.

ftp> ls -lat
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.

226 Directory send OK.

FTP Browser Client

Due to its insecure nature, FTP support is being dropped by Firefox and Google Chrome.

Try accessing ftp://user:pass@ from your browser. If not credentials provided anonymous:anonymous is assumed.

Brute Forcing

Se Brute Forcing SSH

SecLists includes a handy list of FTP default credentials.

Configuration files

It is important to examine these config files:



Binary and ASCII

Binary and ASCII files have to be uploading using the binary or ascii mode respectively, otherwise, the file will become corrupted. Use the corresponding command to switch between modes.

Download all files from FTP

wget -m ftp://anonymous:anonymous@ #Donwload all
wget -m --no-passive ftp://anonymous:anonymous@ #Download all

Last updated